8.2.4 About the lxc-oracle Template Script

Note

If you amend a template script, you alter the configuration
files of all containers that you subsequently create from that
script. If you amend the config file for a
container, you alter the configuration of that container and
all containers that you subsequently clone from it.

The lxc-oracle template script defines system
settings and resources that are assigned to a running container,
including:

the default passwords for the oracle and
root users, which are set to
oracle and root
respectively

the host name (lxc.utsname), which is set
to the name of the container

the number of available terminals
(lxc.tty), which is set to 4

the location of the container's root file system on the host
(lxc.rootfs)

the location of the fstab mount
configuration file (lxc.mount)

all system capabilities that are not available to the
container (lxc.cap.drop)

To enhance security, you can uncomment
lxc.cap.drop capabilities to prevent
root in the container from performing certain
actions. For example, dropping the sys_admin
capability prevents root from remounting the
container's fstab entries as writable.
However, dropping sys_admin also prevents the
container from mounting any file system and disables the
hostname command. By default, the template
script drops the following capabilities:
mac_admin, mac_override,
setfcap, setpcap,
sys_module, sys_nice,
sys_pacct, sys_rawio, and
sys_time.

When you create a container, the template script writes the
container's configuration settings and mount configuration to
/container/name/config
and
/container/name/fstab,
and sets up the container's root file system under
/container/name/rootfs.

Unless you specify to clone an existing root file system, the
template script installs the following packages under
rootfs (by default, from the Oracle Linux Yum
Server at https://yum.oracle.com):

Package

Description

chkconfig

chkconfig utility for maintaining
the /etc/rc*.d hierarchy.

dhclient

DHCP client daemon (dhclient) and
dhclient-script.

initscripts

/etc/inittab file and
/etc/init.d scripts.

openssh-server

Open source SSH server daemon,
/usr/sbin/sshd.

oraclelinux-release

Oracle Linux 6 release and information files.

passwd

passwd utility for setting or
changing passwords using PAM.

policycoreutils

SELinux policy core utilities.

rootfiles

Basic files required by the root
user.

rsyslog

Enhanced system logging and kernel message trapping
daemons.

vim-minimal

Minimal version of the VIM editor.

yum

yum utility for installing,
updating and managing RPM packages.

The template script edits the system configuration files under
rootfs to set up networking in the container
and to disable unnecessary services including volume management
(LVM), device management (udev), the hardware
clock, readahead, and the Plymouth boot
system.